LDAP Authentication using CAS
Scott Battaglia
scott.battaglia at gmail.com
Wed Jun 20 13:04:53 EDT 2007
I'm not familiar with LDAP, but a search of your error came up with this:
http://forum.java.sun.com/thread.jspa?messageID=4207368
-Scott
On 6/20/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
>
> Scott,
>
> I changed my URLs entry in deployerConfig.xml because CAS server is in my
> PC and LDAP server is an Organisational one and it is in a different IP. So
> I gave that IP in my URLs list.
>
> In CAS login page, when I enter my credentials and click on LOGIN, I get
> this exception
> " LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error " in console.
>
> What could be the reason?
>
> Thanks
>
> *Scott Battaglia <scott.battaglia at gmail.com>* wrote:
>
> Unless your LDAP server and CAS are on the same machine you don't want to
> use localhost as the server name. Also, this is just a guess, but your
> searchbase of
> "cn=Admin Annuity,OU=MUMBAI,OU=INDIA,OU=myCompanyusers,dc=myCompany,dc=com"
> might be too specific.
>
> -Scott
>
> On 6/20/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> >
> >
> > Scott,
> >
> > Did you check my two XMLs? Are they okay? I just want to know.
> >
> > I am attaching a plain Java program which does LDAP authentication
> > correctly. It authenticates the sAMAccountName (basically employee-id) which
> > I give in the program.
> >
> > Please look at the value that is put for Context.PROVIDER_URL. Is this
> > the IP which I should give in my deployerConfig..xml for URLs property?
> > Currently I have given something like "localhost:389".
> >
> > Please let me know.
> >
> > Thanks
> >
> >
> > *Scott Battaglia <scott.battaglia at gmail.com >* wrote:
> >
> > Yes, that login screen is correct (because you have not modified it at
> > all). The exception you are getting is that your LDAP server refused the
> > connection from the LDAP server. Your LDAP server may be behind a firewall
> > or you may be attempting to access it via an incorrect protocol (i.e.
> > ldap vs. ldaps) for what you are trying to do. You may want to talk to your
> > LDAP admins.
> >
> > -Scott
> >
> >
> > On 6/20/07, sriram purushothaman < sp_bits at yahoo.com> wrote:
> > >
> > >
> > > Hi
> > >
> > > I removed the CAS-FILTER related entries from my CAS web.xml. I am
> > > attaching it as CAS-web.xml
> > > I have added the CAS-FILTER related entries in my project's web.xml. I
> > > am attaching it as project-web.xml
> > >
> > > Now, when I give https://localhost:8443/cas/login, I get the
> > > Security-Alert dialog box and when I click on YES, I get CAS login screen. I
> > > am attaching this screen also here (cas-login.doc). Is this the
> > > correct screen, because as per the description in this page "usernames
> > > equals passwords" is given.
> > >
> > > In this login page (if this is the correct page), when I give my Id
> > > and password and click on LOGIN button, I get an exception. I am attaching
> > > the exception trace also (exception-on-click-of-login).
> > >
> > > In all, I am adding 4 attachments. Sorry for bothering so much.
> > >
> > > Please let me know where I am going wrong.
> > >
> > > Thanks
> > >
> > > *Adrien Futschik < adrien.futschik at atosorigin.com>* wrote:
> > >
> > > On Wednesday 20 June 2007 08:18:26 sriram purushothaman wrote:
> > > > Scott,
> > > >
> > > > I am attaching my WEB.XML available under tomcat-5.5.16/cas/WEB-INF folder.
> > > > I have given entries only loginURL, validateURL and ServerName. I have not
> > > > given an entry for ServiceURL. Is that required?
> > > >
> > > > Please check my web.xml and tell me which URL should I use in my IE?
> > > > I tried using http://localhost:8080/cas/login . I got CAS login page. But
> > > > after giving my credentials I got an exception. My LDAP auth did not happen
> > > >
> > > > Thanks
> > > >
> > > > Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > > > This might help you:
> > > > http://www.ja-sig.org/wiki/display/CASUM/LDAP
> > > >
> > > > (note that the first step about the dependency relates to CAS 3.1 and not
> > > > CAS 3.0.x but the rest of the information should be okay).
> > > >
> > > > -Scott
> > > >
> > > > On 6/19/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> > > > Please check this bean entry in deployer..xml
> > > > <bean id="contextSource"
> > > >       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> > > >   <property name="authenticatedReadOnly" value="false" />
> > > >   <property name="userName" value="" />
> > > >   <property name="password" value="" />
> > > >   <property name="urls">
> > > >     <list>
> > > >       <value>ldap://XX.XXX.X.XXX:389/</value>
> > > >     </list>
> > > >   </property>
> > > >
> > > >   <property name="baseEnvironmentProperties">
> > > >     <map>
> > > >       <entry>
> > > >         <key><value>java.naming.security.authentication</value></key>
> > > >         <value>simple</value>
> > > >       </entry>
> > > >     </map>
> > > >   </property>
> > > > </bean>
> > > >
> > > > What should I give for UserName and Password?
> > > > Should I give the Distinguished Name and password that I normally use in
> > > > httpd.conf (Apache web-server + weblogic) and what should I give for URLs
> > > > list
> > > >
> > > > Please let me know
> > > >
> > > > Thanks
> > > >
> > > > Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > > > If you're using a non-Sun JVM, then you need to set the
> > > > "responseControlFactory" property on the ContextSource. The default is
> > > > an internal Sun implementation.
> > > >
> > > > -Scott
> > > >
> > > > On 6/19/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> > > > Hi
> > > >
> > > > I have done LDAP authentication using Apache Webserver 2.0.59 and Weblogic
> > > > 8.1 and I am successful with it. Now I want to do it with CAS.
> > > >
> > > > I am new to CAS and I am trying out few stuff. I am using Tomcat 5.5.16,
> > > > JDK 1.42
> > > >
> > > > 1. I have downloaded cas-server-3.0.7 and cas-client-java-2.1.1
> > > > 2. I have downloaded cas-server-ldap-3.0.7 JAR, spring-ldap1.1.2 JAR,
> > > >    ldapbp1.0 JAR and put these 3 JARs in localplugins/lib folder.
> > > > 3. Did ant jar and ant war. Got the localplugins.jar and the WAR file
> > > > 4. I changed my deployerConfigContext.xml. I have attached the same here.
> > > >    Please check and tell me whether it is correct.
> > > > 5. Copied the WAR into my tomcat/webapps
> > > > 6. When I start my tomcat, I am getting the attached error.
> > > >
> > > > I have downloaded this folder structure com.sun.jndi.ldap.<>, but not sure
> > > > what to do with it.
> > > >
> > > > Regards,
> > > > Sriram
> > > >
> > > > 2007-06-19 14:55:45,250 ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
> > > > org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' of type [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting bean property 'authenticationHandlers' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'contextSource' while setting bean property 'contextSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > > Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' of type [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting bean property 'authenticationHandlers' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'contextSource' while setting bean property 'contextSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > > Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'contextSource' while setting bean property 'contextSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > > Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > > Caused by: java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > >     at org.springframework.ldap.support.LdapContextSource.class$(LdapContextSource.java:42)
> > > >     at org.springframework.ldap.support.LdapContextSource.<clinit>(LdapContextSource.java:42)
> > > >     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> > > >     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> > > >     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> > > >     at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> > > >     at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:84)
> > > >     at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:60)
> > > >     at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:45)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:739)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:727)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:390)
> > > >     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:254)
> > > >     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:144)
> > > >     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:251)
> > > >     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
> > > >     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:271)
> > > >     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:128)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1047)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:843)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
> > > >     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:221)
> > > >     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:111)
> > > >     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:291)
> > > >     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:132)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1047)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:843)
> > > >     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
> > > >     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:254)
> > > >     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:144)
> > > >     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:251)
> > > >     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > -Scott Battaglia
> > > >
> > > >
> > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > You mixed up a few things. The cas-filter is to be used with your
> > > client application, not with CAS. This means that your web.xml for CAS
> > > is wrong.
> > > It should look like this ....
> > > <?xml version="1.0" encoding="ISO-8859-1"?>
> > > <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
> > >          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > >          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
> > >                              http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
> > >          version="2.4">
> > >   <display-name>Central Authentication System (CAS) 3.0</display-name>
> > >   <context-param>
> > >     <param-name>contextConfigLocation</param-name>
> > >     <param-value>
> > >       /WEB-INF/applicationContext.xml,
> > >       /WEB-INF/deployerConfigContext.xml
> > >     </param-value>
> > >   </context-param>
> > >   <!-- BEGIN addition for OPIAM -->
> > >   <filter>
> > >     <filter-name>additional cookie</filter-name>
> > >     <filter-class>com.atosorigin.opiam.auth.cas.CreateAdditionalCookie</filter-class>
> > >   </filter>
> > >   <filter-mapping>
> > >     <filter-name>additional cookie</filter-name>
> > >     <url-pattern>/*</url-pattern>
> > >   </filter-mapping>
> > >   <!-- END addition for OPIAM -->
> > >   <!--
> > >     place this into the contextConfigLocation to enable
> > >     service restrictions.
> > >     /WEB-INF/approvedServices.xml, .....
> > > In fact I didn't even change anything in there.
> > > The first thing you have to do is try out https connection to CAS. For
> > > me it was:
> > > https://localhost:8443/cas/login but by default the port is 8444, so
> > > it would be
> > > https://localhost:8444/cas/login
> > > Then if you've made the changes you need to in
> > > deployerConfigContext.xml, you should be able to authenticate with a
> > > valid user & password.
> > > See my configuration attached.
> > > Hope it helps
> > > --
> > > Futschik Adrien
> > > Atos Origin
> > > Tour "Les Miroirs"
> > > 18, avenue d'Alsace
> > > 92296 Paris La Défense Cedex
> > > FRANCE
> > >
> > > Phone: +33 (0) 1 55 91 24 82
> > > adrien.futschik at atosorigin.com
> > > www.si.fr.atosorigin.com
> > >
> > > class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> > > class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> > > class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> > > class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
> > > class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
> > > ldap://localhost:4800/
> > > java.naming.security.authentication
> > > simple
> > >
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
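
Added example, not part of the original thread: the "error code 49 ... AcceptSecurityContext error" text reported above is how Active Directory rejects a bind, and when the server appends a "data" sub-code to that message the sub-code names the reason. The class and method names are illustrative; the first sample message is the one from the thread (which carries no sub-code) and the others are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not code from the thread: classify Active Directory bind
// failures from the message text of a javax.naming.AuthenticationException.
public class AdBindErrorTriage {

    private static final Pattern RESULT_CODE = Pattern.compile("error code (\\d+)");
    private static final Pattern DATA_CODE =
            Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]+)");

    // The "data" field is a Win32 logon error code written in hex.
    private static final Map<String, String> REASONS = new HashMap<String, String>();
    static {
        REASONS.put("525", "user not found");
        REASONS.put("52e", "invalid credentials");
        REASONS.put("530", "logon not permitted at this time");
        REASONS.put("531", "logon not permitted from this workstation");
        REASONS.put("532", "password expired");
        REASONS.put("533", "account disabled");
        REASONS.put("701", "account expired");
        REASONS.put("773", "user must reset password");
        REASONS.put("775", "account locked out");
    }

    // Diagnosis intended for server-side logs only: echoing it on the login
    // page would reveal which accounts exist (525 versus 52e).
    public static String diagnose(String message) {
        if (message == null) {
            return "no message";
        }
        Matcher result = RESULT_CODE.matcher(message);
        if (!result.find() || !"49".equals(result.group(1))) {
            return "not a bind failure with LDAP result code 49";
        }
        Matcher data = DATA_CODE.matcher(message);
        if (!data.find()) {
            // The case quoted in the thread: the sub-code was not included.
            return "bind rejected (49); no data sub-code present in the message";
        }
        String code = data.group(1).toLowerCase();
        String reason = REASONS.get(code);
        return "bind rejected (49), data " + code + ": "
                + (reason != null ? reason : "unrecognised sub-code");
    }

    public static void main(String[] args) {
        String fromThread = "LDAP: error code 49 - 80090308: LdapErr: "
                + "DSID-0C090334, comment: AcceptSecurityContext error";
        String[] samples = {
            fromThread,                       // as quoted in the thread
            fromThread + ", data 52e, vece",  // constructed
            fromThread + ", data 775, vece",  // constructed
            "LDAP: error code 32 - No Such Object"  // constructed, not a bind failure
        };
        for (int i = 0; i < samples.length; i++) {
            System.out.println(diagnose(samples[i]));
        }
    }
}
```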